From ${URL} : It was found that libimobiledevice and libusbmuxd libraries accidentally bound a listening IPv4 TCP socket to INADDR_ANY instead of INADDR_LOOPBACK. Upstream patches: libusbmuxd: https://github.com/libimobiledevice/libusbmuxd/commit/4397b3376dc4e4cb1c991d0aed61ce6482614196 libimobiledevice: https://github.com/libimobiledevice/libimobiledevice/commit/df1f5c4d70d0c19ad40072f5246ca457e7f9849e CVE request: http://seclists.org/oss-sec/2016/q2/410 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
[master 8973207ac636] app-pda/libimobiledevice: Follow Fedora patches and GIT snapshot 2 files changed, 116 insertions(+) create mode 100644 app-pda/libimobiledevice/libimobiledevice-1.2.0-r1.ebuild this revision solves this
amd64 stable
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f92be73ab349d2d9e8d63603b0225b4073bddb11 commit f92be73ab349d2d9e8d63603b0225b4073bddb11 Author: Sergei Trofimovich <slyfox@gentoo.org> AuthorDate: 2018-07-01 09:13:55 +0000 Commit: Sergei Trofimovich <slyfox@gentoo.org> CommitDate: 2018-07-01 09:13:55 +0000 app-pda/libimobiledevice: stable 1.2.0-r1 for ppc, bug #584194 Bug: https://bugs.gentoo.org/584194 Package-Manager: Portage-2.3.41, Repoman-2.3.9 RepoMan-Options: --include-arches="ppc" app-pda/libimobiledevice/libimobiledevice-1.2.0-r1.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
x86 stable
old dropped
GLSA Vote: No